In a client-server environment, a server provides computing and/or storage resources to a client through a network. The client may run an application using the server's central processing unit (CPU), or may store client files in a storage device managed by the server.
Some of the clients, referred to as untrusted clients, are not trusted by the server. To prevent untrusted clients from unauthorized file access, a server may allow file access by a client only if the client possesses valid credentials to be authenticated. Conventional file systems, such as Network File System (NFS), use data encryption standard (DES) encryption and public key cryptography to authenticate a client. Further, a permission mode can be set for each file and directory in the file system to restrict client's access to those files that are necessary for client's operations. With conventional file systems, an authenticated client is allowed to read, write and/or execute one or more files in a directory. Typically, the client can view a list of files in the directory, and choose one or more of the files in the directory to access. However, conventional file systems still suffer from security loopholes and enhancement techniques can be complex.